Microsoft Issues Word, Forms Patches

Microsoft Corp. has been working for the past few days to create fixes for a Word 97 bug and an ActiveX Control bug that could allow malicious hackers to tamper with a computer without a user's knowledge.

The Word 97 bug was first brought to Microsoft's (MSFT) attention by visitors to the Woody's Office Watch Web site, according to the site's editors. They say the bug is extremely simple to exploit, although Microsoft said it doesn't know of any users who are affected.

The company has posted patches for a bug found in Word 97 and the Microsoft Forms version 2.0 ActiveX Control.

Microsoft Forms 2.0 Control is installed with Office 97 and Outlook 98 and lets developers create custom dialog boxes. The Microsoft Forms bug could allow a hacker to read text on a person's clipboard when the person opens up an HTML-based e-mail from a hacker or visits a site that a hacker has created.

The Word 97 bug could let a hacker run malicious code on a user's computer by taking advantage of the program's failure to warn a user that a macro is being activated.

Normally, Word 97 warns users that a macro is being run. However, it does not warn users if a document that does not contain macros links to a document that does. Hackers could take advantage of this lapse to create a macro virus. Macro viruses can use the macro's language to wreak havoc on a computer unbeknownst to the user. Because they are not platform-specific, they can be spread merely by passing application from user to user.

Microsoft has posted more information at its security site.


FAQ Articles DirectX Plus98! Downloads Drivers News Archive
Home, Links, Awards, Help, Map, Poll, Newsgroups, Online Chat, Mailing List, Search
Tips & Tricks Guides Bugs & Fixes Themes Reviews Site Contents ActiveIE

HR Line

Copyright (C) 1998-1999 The Active Network. All rights reserved.
Please click here for full terms of use and restrictions.